My cousin's PC appeared to be infected by this virus few days ago.
He's using a Windows 2000 system so I don't need to turn off the system restore to prevent it backing up the virus since there is none.
And then I reboot and enter the safe mode and run a full system scan with Norton AntiVirus 2002, it detected nothing.
But when I later restart normally, the virus appears again.
The virus' name is Downloader.Trojan, Norton says that it is a memory resident virus. Does it mean that the virus is in my RAM? I've visited the Symantec web site for removal instruction but that didn't help. It says nothing more than what I did.
After startup, the desktop is occupied by a web page saying that I'm in danger(of course I am), and Norton pops up told me that some files like "sysxxxx.exe"(xxxx is random number) is infected by the virus.
Is there any efficient way to remove such virus?

I would download an anti-trojan program using a free trial from http://wilders.org/ like TDS or another highly rated program. Be sure to update it and then run it from the safe mode to see if the trojan can be removed.

my friend had two trojans as in the title which kept on hijacking his homepage and creaitng popups and avg was picking up viruses all the time. we spent hours getting nowhere. Untill we tried bho demon. Which found apiyh.dll in the windows folder. Then we deleted the dll file and it seemed to cripple the trojan. It may of not got rid of the trojan but has stopped it from executing. Hopefully this may help others with the same problem also glad to hear of any comments regarding this issue. this was with ad-aware,a2,avg, spysubtract.

I need help! I have a downloader.trojan virus on my computer at the C:\WINDOWS\system32\2dm3d.dll file. I have done the following:

I ran Norton Antivirus - it said it could not delete the file
I tried to go to the file location and delete it but it says:
"Cannot delete 2dm3d.dll: Access is denied
Make sure the disk is not full or write-protected and that the file is not currently in use"
I made sure that nothing was running when I did this and my task manager was empty...

Then...
I disabled system restore, updated the norton antivirus
Re-started the computer in safe mode
Re-ran the norton antivirus
Attempted to manually delete the file but could not
Deleted all references to the file and to "downloader trojan" in the registry
Re-ran Norton antivirus (still in safe mode) and it still had the virus
Stayed in safe mode and ran Ad-Aware SE Personal - it did not find that virus but it found other junk
Got out of safe mode, re-ran Norton and it was still there and still couldn't be deleted
I tried to delete it manually again but got the same "access denied" message

I re-did all the same stuff with safe mode, but nothing has worked ... the virus continues to plague me. Please, please, please help me... I am desperate to get rid of this thing!

Also, it was suggested for me to try re-starting in safe mode and try deleting the file by pressing Shift+delete but that didn't work either. I still got that "access denied" message from above.

Thank you!
Michelle

feel free to AOL IM me if you want to: SweetLD2155

I have encountered the same problem, adaware and spyware doctor doesnt seem to pick it up. Nortons keep picking up the virus and unable to repair the file......

i have deleted the files in the registry but nortons keep detecting the virus downloader.trojan

will appreciate any ideas.
Many Thanks
Penny
:)

I also have the "downloader.trojan" virus and have gone through the same routine as "SweetLD215" in her previous posting here...

I also have Norton and removed some of the infected files...turned off the system restore...edited the registry, attempted manual removal and got the same "acess-
denied" warning...etc etc.. yet the trojan remains on my system at location

C:\WINDOWS\System32\Y4a3f.dll

Can anyone please give us some advise...This is the second virus I have had on my comp and I do not want to loose important files or damage my programs...

Jenny

I have the exact same problem as SweetLD215 and Jenny!!!!! Its is very very very annoying and no one out there seems to be able to offer any help!!!

My computer is running XP Home. After running Norton 2004 and following all the standard reccomendations to delete the problem etc, the downloader.trojan remains in the following location:

C:\WINDOWS/System 32/oCwOC.dll

HELP!!!!

Hi friends,
If u guys are not able to remove the infected file and workin on xp/2000. u can install the recovery console using ur xp/2k cd (cddrive\i386\winnt32.exe /cmdcons)and then boot the system using recovery console option and remove the infected file.

Or if ur boot partion is fat32 u can boot ur system using bootable floopy then remove the infected file.

Regards
Rameshwar
rameshwar1@yahoo.com

Hi all,

I spent 12 hours yesterday trying to get this damn virus off my computer.

I looked in all the forums, did all the usual 'update your virus definitions' in Norton Antivirus, multiple scans in safe mode, downloaded four 'spyware' softwares, and none of it worked!

The only thing I managed to get to work was the 'Trojan Eliminator'! Go to this URL and download it FR~EE for 30 days. (Though I'd bookmark it too, 'cos if you get another trojan it will save you trying to find it again! ;o)

http://www.alarural.com/rd/trojan_eliminator.html

Let me know if you need any help with it. (I don't think it will be named the same, but my exe file was called: xqexwbx.exe and was in the WINDOWS main directory C:\WINDOWS\xqexbx.exe)

Hope it helps!

Kyle

Just a quick note on how to get rid of this type of fun stuff. To get rid of this type of persistant file i use a tool called MoveOnBoot which you can find here: http://www.gibinsoft.net/gipoutils/index.htm
This will allow you to select the file to move or delete and where to move it to and what to rename it. This will prevent these pesky files from starting up as they will be in a different directory, with maybe a different name or you just deleted it, all before windows can get its grubby hands on it and make your life hell. BTW, i only mention this as an aside to kyles response above, his method will work well on known virii and trojans but for unknown files i have had to use this. Also note this will let you get back to a working state but there will still be registry values and other stuff left over. I would then clean this all up using Ad-aware, spybot S&D, Hijack This, or even just autoruns.exe from sysinternals.com. Then you should be good to go.

I can only echo what Yonder711 said!!

After searching for ages on how to eliminate this trojan I stumbled across a help forum called spyware warrior.

One of the experts (a complete genius!!!) talked me through the problem and we ended up using moveoneboot to get rid of the file.

See the story unfold at this link:

http://www.spywarewarrior.com/viewtopic.php?t=9324

I have just removed this trojan from my computer using AVG free edition using the steps below.

Step 1 - Turn off System Restore - Control Panel, System, System restore tab, then check "Turn of system Resotre"

Step 2 - Restart computer in "Safe Mode" - Start, Run, type "msconfig", then OK, clik tab marked "BOOT.INI", then check /SAFEBOOT, then OK, then Restart.

Step 3 - while in safe mode, scan your entire computer with your updated antivirus software and remove infected files. My copy of Norton was out of date. I found a good, free antivirus called AVG Free Edition. It can be downloaded at:

http://free.grisoft.com/freeweb.php/doc/2/

Step 4 - Repeat step 2, but this time un-check /SAFEBOOT and restart. After restart, turn system restore back on.

Hope it helps!

i did a google search and typed in free trojan remover and found a freeware entitled trojan remover. it gives you a trail period. it removed the trojan for me.